On Tue, Oct 02, 2012 at 11:00:53AM +0100, Stuart Henderson wrote:
> On 2012/10/01 22:56, Lawrence Teo wrote:
> > This diff adds an rc.d script for Snort.
> >
> > It also modifies the pkg/README file to mention the rc.d script, and
> > adds a note that rules need to be present in /etc/snort/rules for Snort
> > to work as an IDS (since `/etc/rc.d/snort start` will fail if rules
> > don't exist in that directory).
>
> > An up-to-date set of rules is needed for Snort to be useful as an IDS.
> > These can be downloaded manually or net/oinkmaster can be used to
> > -download the latest rules from several different sources.
> > +download the latest rules from several different sources. By default,
> > +these rules are expected to be present in the ${SYSCONFDIR}/snort/rules
> > +directory as defined by RULE_PATH in ${SYSCONFDIR}/snort/snort.conf.
>
> It would be nice to give a specific example of commands that could be
> run to download some rules to get started and see it working, preferably
> without having to register - I found various talk about "community rules"
> but didn't find anywhere they could actually be downloaded - do you know
> of anything that might be suitable?
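Review bot: the added README sentence says where the rules are expected but not what happens when they are absent, while the cover letter states that `/etc/rc.d/snort start` fails if no rules exist in that directory. Suggest stating that consequence right after the RULE_PATH reference, e.g. "the rc.d script will fail to start snort if this directory contains no rules", so a user who sees the rc.d failure finds the explanation in the same paragraph.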
You may use the rules from the emerging threats project at
http://rules.emergingthreats.net

With oinkmaster (which is in ports) you could use for example

url = http://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz

in oinkmaster.conf and then add the rules files to snort.conf.

Regards,
Markus
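The two follow-on steps the thread describes, checking that RULE_PATH actually holds rules before `/etc/rc.d/snort start` and registering the rules files oinkmaster fetched in snort.conf, as an added shell example (not code from the thread or from the snort port; the directory layout and file names are constructed, and it assumes snort.conf's `var RULE_PATH` / `include` syntax):

```shell
#!/bin/sh
# Added example, not from the thread or the snort port. It mirrors two steps
# the messages describe: snort's rc.d start fails when RULE_PATH holds no
# rules, and rules files fetched by oinkmaster must be listed in snort.conf.
# The RULE_PATH variable name and the "include" syntax are snort.conf's own;
# the directory layout used in the demo below is constructed for the example.

# snort_rules_present DIR: succeed only if DIR holds at least one *.rules file,
# the same precondition the rc.d script depends on.
snort_rules_present() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# snort_add_includes DIR CONF: append an "include $RULE_PATH/<file>" line to
# CONF for every *.rules file in DIR not already listed; print the count added.
# Idempotent, so it can run after every oinkmaster update.
snort_add_includes() {
    _dir=$1 _conf=$2 _added=0
    for f in "$_dir"/*.rules; do
        [ -f "$f" ] || continue
        _name=$(basename "$f")
        if ! grep -qxF "include \$RULE_PATH/$_name" "$_conf"; then
            printf 'include $RULE_PATH/%s\n' "$_name" >> "$_conf"
            _added=$((_added + 1))
        fi
    done
    echo "$_added"
}

# Demo on a constructed layout (no network access needed).
demo=$(mktemp -d)
mkdir "$demo/rules"
: > "$demo/rules/emerging-scan.rules"
: > "$demo/rules/emerging-web_server.rules"
printf 'var RULE_PATH %s/rules\ninclude $RULE_PATH/emerging-scan.rules\n' \
    "$demo" > "$demo/snort.conf"
if snort_rules_present "$demo/rules"; then
    echo "rules present, added $(snort_add_includes "$demo/rules" "$demo/snort.conf") include line(s)"
else
    echo "no rules in $demo/rules: /etc/rc.d/snort start would fail" >&2
fi
rm -rf "$demo"
```

Point the two functions at the real RULE_PATH and snort.conf after an oinkmaster run; the demo only adds the one rules file that the constructed snort.conf did not already include.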